コード例 #1
0
def add_forening_permission(request):
    user = User.objects.get(id=request.POST['user'])
    forening = Forening.objects.get(id=request.POST['forening'])
    role = request.POST['role']

    if role not in [r[0] for r in ForeningRole.ROLE_CHOICES]:
        raise PermissionDenied

    # Verify that the user performing this action has the required permissions
    all_foreninger = request.user.all_foreninger()
    if role == 'admin':
        # Setting admin requires admin
        if forening not in [a for a in all_foreninger if a.role == 'admin']:
            raise PermissionDenied
    elif role == 'user':
        # Any role can set user
        if forening not in all_foreninger:
            raise PermissionDenied

    try:
        role = ForeningRole.objects.get(user=user, forening=forening)
        role.role = request.POST['role']
        role.save()
    except ForeningRole.DoesNotExist:
        role = ForeningRole(user=user, forening=forening, role=request.POST['role'])
        role.save()

    if request.POST.get('send_email', '') != '':
        if user.get_sherpa_email() == '':
            messages.warning(request, 'no_email_for_user')
        else:
            if send_access_granted_email(user, forening, request.user):
                messages.info(request, 'access_email_success')
            else:
                messages.warning(request, 'access_email_failure')

    cache.delete('user.%s.all_foreninger' % user.id)
    cache.delete('user.%s.children_foreninger' % user.id)
    return redirect('%s#tilganger' % reverse('admin:users.show', args=[user.id]))
コード例 #2
0
ファイル: friendlyrole.py プロジェクト: simensma/sherpa
def friendlyrole(role):
    return ForeningRole.friendly_role(role)
コード例 #3
0
def create(request, forening_id):
    current_forening = Forening.objects.get(id=forening_id)

    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    # The parent choices are tricky to define in the forms API, so do it here.
    # Note that we're intentionally letting users choose parents among only those they have permission to.
    all_sorted = request.user.all_foreninger_sorted()
    parents_choices = {
        'forening': all_sorted['forening'],
        'turlag': all_sorted['turlag'],
    }

    # If the parent of the current forening isn't in the user's permissions, we still need to include that one as an
    # available parent so that they're able to make changes.
    if current_forening.type != 'sentral':
        for current_parent in current_forening.get_main_foreninger():
            if current_parent not in parents_choices['forening'] and current_parent not in parents_choices['turlag']:
                parents_choices[current_parent.type].append(current_parent)

    form = CreateForeningForm(request.user, initial={
        'zipcode': '',
    })

    context = {
        'current_forening': current_forening,
        'parents_choices': parents_choices,
        'admin_user_search_char_length': settings.ADMIN_USER_SEARCH_CHAR_LENGTH,
        'form': form,
    }

    # Give URLPicker the homepage site for the current forening. If they don't have one, just use the central site
    relevant_site = current_forening.get_homepage_site() or Site.get_central()
    context.update(url_picker_context(relevant_site))

    if request.method == 'GET':
        return render(request, 'central/admin/foreninger/create.html', context)

    elif request.method == 'POST':

        form = CreateForeningForm(request.user, request.POST)
        if form.is_valid():
            forening = Forening()
            forening.name = form.cleaned_data['name']
            forening.type = form.cleaned_data['type']
            if forening.type == 'turgruppe':
                forening.group_type = form.cleaned_data['group_type']
            else:
                forening.group_type = ''

            forening.save()

            # Set M2M-fields after the initial db-save
            forening.parents = form.cleaned_data['parents']

            # Ensure the Turbasen object is re-saved with applicable M2M-relations
            forening.save_turbasen_object()

            # Add the current user as admin on the new forening
            role = ForeningRole(
                user=request.user,
                forening=forening,
                role='admin',
            )
            role.save()
            # FIXME: We can't delete the permission cache for all users, so some may find that they can't edit
            # the new forening even though they should be able, until the cache (which is currently 24h) expires.
            cache.delete('user.%s.all_foreninger' % request.user.id)

            messages.info(request, 'forening_create_success')
            request.session['active_forening'] = forening.id
            cache.delete('foreninger.all.sorted_by_name')
            cache.delete('foreninger.all.sorted_by_type')
            cache.delete('foreninger.rendered_select')
            cache.delete('forening.%s' % forening.id)
            cache.delete('forening.main_foreninger.%s' % forening.id)
            return redirect('admin:foreninger.edit', forening.id)
        else:
            context.update({'form': form})
            return render(request, 'central/admin/foreninger/create.html', context)

    else:
        return redirect('admin:foreninger.create', current_forening.id)
コード例 #4
0
def users_give_access(request, forening_id):
    current_forening = Forening.objects.get(id=forening_id)
    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    wanted_role = request.POST['wanted_role']
    if wanted_role not in [role[0] for role in ForeningRole.ROLE_CHOICES]:
        raise PermissionDenied

    # Verify that the user has the same access that they're giving
    passed = False
    for forening in request.user.all_foreninger():
        if forening == request.active_forening:
            if wanted_role == 'admin' and forening.role == 'user':
                raise PermissionDenied
            else:
                passed = True
    if not passed:
        raise PermissionDenied

    other_user = User.get_users(include_pending=True).get(id=request.POST['user'])
    if other_user.has_perm('sherpa_admin'):
        messages.info(request, 'user_is_sherpa_admin')
        return redirect('admin:foreninger.users', current_forening.id)

    # Adding the sherpa permission, if missing, is implicit - and informed about client-side
    if not other_user.has_perm('sherpa'):
        p = Permission.objects.get(name='sherpa')
        other_user.permissions.add(p)

    for forening in other_user.all_foreninger():
        if forening == request.active_forening:
            # The user already has access to this forening
            if forening.role == 'user' and wanted_role == 'admin':
                # But it's a user role and we want admin! Update it.
                forening_role = ForeningRole.objects.get(user=other_user, forening=forening)
                forening_role.role = 'admin'
                forening_role.save()
                messages.info(request, 'permission_created')
            elif forening.role == 'admin' and wanted_role == 'user':
                # We want user access, but they have admin. Chcek if it's an explicit relationship:
                try:
                    forening_role = ForeningRole.objects.get(user=other_user, forening=forening)
                    forening_role.role = 'user'
                    forening_role.save()
                    messages.info(request, 'permission_created')
                except ForeningRole.DoesNotExist:
                    # No explicit relationship, so the user must have admin access to a parent
                    messages.info(request, 'user_has_admin_in_parent')
            else:
                # In this case, forening.role should equal wanted_role, so just inform the user that all is in order
                messages.info(request, 'equal_permission_already_exists')
            cache.delete('user.%s.all_foreninger' % other_user.id)
            return redirect('admin:foreninger.users', current_forening.id)

    # If we reach this code path, this is a new relationship - create it
    forening_role = ForeningRole(
        user=other_user,
        forening=request.active_forening,
        role=wanted_role,
    )
    forening_role.save()
    if request.POST.get('send_email', '') != '':
        if send_access_granted_email(other_user, request.active_forening, request.user):
            messages.info(request, 'access_email_success')
        else:
            messages.warning(request, 'access_email_failure')
    messages.info(request, 'permission_created')
    cache.delete('user.%s.all_foreninger' % other_user.id)
    return redirect('admin:foreninger.users', current_forening.id)
コード例 #5
0
ファイル: views.py プロジェクト: simensma/sherpa
def index(request, forening_id):
    current_forening = Forening.objects.get(id=forening_id)
    if current_forening not in request.user.all_foreninger():
        raise PermissionDenied

    forening_users = list(User.objects.filter(foreninger=current_forening))

    forening_users_by_parent = []

    parent_ids = [p.id for p in current_forening.get_parents_deep()]
    forening_users_by_parent_all = list(User.objects.filter(foreninger__in=parent_ids))

    # Prefetch and cache the actors
    memberids = [u.memberid for u in (forening_users + forening_users_by_parent)]
    for actor in Actor.get_personal_members().filter(memberid__in=memberids):
        cache.set('actor.%s' % actor.memberid, actor, settings.FOCUS_MEMBER_CACHE_PERIOD)

    # Safe to iterate without having n+1 issues

    # Filter on admins
    forening_users_by_parent = []
    for user in forening_users_by_parent_all:
        for forening in user.all_foreninger():
            if forening == current_forening and forening.role == 'admin':
                forening_users_by_parent.append(user)

    forening_users = sorted(forening_users, key=lambda u: u.get_full_name())
    forening_users_by_parent = sorted(forening_users_by_parent, key=lambda u: u.get_full_name())
    sherpa_admins = sorted(User.objects.filter(permissions__name='sherpa_admin'), key=lambda u: u.get_full_name())

    # The parent choices are tricky to define in the forms API, so do it here.
    # Note that we're intentionally letting users choose parents among only those they have permission to.
    all_sorted = request.user.all_foreninger_sorted()
    parents_choices = {
        'forening': all_sorted['forening'],
        'turlag': all_sorted['turlag'],
    }

    # If the parent of the current forening isn't in the user's permissions, we still need to include that one as an
    # available parent so that they're able to make changes.
    if current_forening.type != 'sentral':
        for current_parent in current_forening.get_main_foreninger():
            if current_parent not in parents_choices['forening'] and current_parent not in parents_choices['turlag']:
                parents_choices[current_parent.type].append(current_parent)

    context = {
        'current_forening': current_forening,
        'forening_users': forening_users,
        'forening_users_by_parent': forening_users_by_parent,
        'sherpa_admins': sherpa_admins,
        'parents_choices': parents_choices,
        'admin_user_search_char_length': settings.ADMIN_USER_SEARCH_CHAR_LENGTH
    }

    zipcode = current_forening.zipcode
    edit_form_zipcode_area = zipcode.area if zipcode is not None else ''

    if current_forening.contact_person is not None:
        choose_contact = 'person'
        contact_person = current_forening.contact_person.id
        contact_person_name = current_forening.contact_person.get_full_name()
        phone = current_forening.contact_person.get_phone_mobile()
        email = current_forening.contact_person.get_sherpa_email()
    elif current_forening.contact_person_name != '':
        choose_contact = 'person'
        contact_person = None
        contact_person_name = current_forening.contact_person_name
        phone = current_forening.phone
        email = current_forening.email
    else:
        choose_contact = 'forening'
        contact_person = None
        contact_person_name = ''
        phone = current_forening.phone
        email = current_forening.email

    edit_form = ExistingForeningDataForm(request.user, prefix='edit', initial={
        'forening': current_forening.id,
        'parents': current_forening.parents.all(),
        'name': current_forening.name,
        'type': current_forening.type,
        'group_type': current_forening.group_type,
        'post_address': current_forening.post_address,
        'visit_address': current_forening.visit_address,
        'zipcode': zipcode.zipcode if zipcode is not None else '',
        'counties': current_forening.counties.all(),
        'choose_contact': choose_contact,
        'contact_person': contact_person,
        'contact_person_name': contact_person_name,
        'phone': phone,
        'email': email,
        'organization_no': current_forening.organization_no,
        'gmap_url': current_forening.gmap_url,
        'facebook_url': current_forening.facebook_url,
    })

    create_form = ForeningDataForm(request.user, prefix='create', initial={
        'zipcode': '',
    })

    context.update({
        'edit_form': edit_form,
        'create_form': create_form,
        'edit_form_zipcode_area': edit_form_zipcode_area,
    })

    if request.method == 'GET':
        return render(request, 'common/admin/forening/index.html', context)

    elif request.method == 'POST':

        if request.POST.get('form') == 'edit':
            edit_form = ExistingForeningDataForm(request.user, request.POST, prefix='edit')
            if edit_form.is_valid():
                forening = edit_form.cleaned_data['forening']
                forening.parents = edit_form.cleaned_data['parents']
                forening.name = edit_form.cleaned_data['name']
                forening.type = edit_form.cleaned_data['type']
                if forening.type == 'turgruppe':
                    forening.group_type = edit_form.cleaned_data['group_type']
                else:
                    forening.group_type = ''
                forening.post_address = edit_form.cleaned_data['post_address']
                forening.visit_address = edit_form.cleaned_data['visit_address']
                forening.zipcode = edit_form.cleaned_data['zipcode']
                forening.counties = edit_form.cleaned_data['counties']

                if edit_form.cleaned_data['choose_contact'] == 'person':
                    if edit_form.cleaned_data['contact_person'] is not None:
                        forening.contact_person = edit_form.cleaned_data['contact_person']
                        forening.contact_person_name = ''
                    else:
                        forening.contact_person = None
                        forening.contact_person_name = edit_form.cleaned_data['contact_person_name']
                else:
                    forening.contact_person = None
                    forening.contact_person_name = ''

                forening.phone = edit_form.cleaned_data['phone']
                forening.email = edit_form.cleaned_data['email']

                forening.organization_no = edit_form.cleaned_data['organization_no']
                forening.gmap_url = edit_form.cleaned_data['gmap_url']
                forening.facebook_url = edit_form.cleaned_data['facebook_url']
                forening.save()
                messages.info(request, 'forening_save_success')
                cache.delete('foreninger.all.sorted_by_name')
                cache.delete('foreninger.all.sorted_by_name.with_active_url')
                cache.delete('foreninger.all.sorted_by_type')
                cache.delete('forening.%s' % forening.id)
                cache.delete('forening.main_foreninger.%s' % forening.id)
                return redirect('admin.forening.views.index', current_forening.id)
            else:
                context.update({'edit_form': edit_form})
                return render(request, 'common/admin/forening/index.html', context)

        elif request.POST.get('form') == 'create':
            create_form = ForeningDataForm(request.user, request.POST, prefix='create')
            if create_form.is_valid():
                forening = Forening()
                forening.name = create_form.cleaned_data['name']
                forening.type = create_form.cleaned_data['type']
                if forening.type == 'turgruppe':
                    forening.group_type = create_form.cleaned_data['group_type']
                else:
                    forening.group_type = ''
                forening.post_address = create_form.cleaned_data['post_address']
                forening.visit_address = create_form.cleaned_data['visit_address']
                forening.zipcode = create_form.cleaned_data['zipcode']

                if create_form.cleaned_data['choose_contact'] == 'person':
                    if create_form.cleaned_data['contact_person'] is not None:
                        forening.contact_person = create_form.cleaned_data['contact_person']
                        forening.contact_person_name = ''
                    else:
                        forening.contact_person = None
                        forening.contact_person_name = create_form.cleaned_data['contact_person_name']
                else:
                    forening.contact_person = None
                    forening.contact_person_name = ''

                forening.phone = create_form.cleaned_data['phone']
                forening.email = create_form.cleaned_data['email']

                forening.organization_no = create_form.cleaned_data['organization_no']
                forening.gmap_url = create_form.cleaned_data['gmap_url']
                forening.facebook_url = create_form.cleaned_data['facebook_url']
                forening.save()

                # Set M2M-fields after the initial db-save
                forening.parents = create_form.cleaned_data['parents']
                forening.counties = create_form.cleaned_data['counties']

                # Add the current user as admin on the new forening
                role = ForeningRole(
                    user=request.user,
                    forening=forening,
                    role='admin',
                )
                role.save()
                # FIXME: We can't delete the permission cache for all users, so some may find that they can't edit
                # the new forening even though they should be able, until the cache (which is currently 24h) expires.
                cache.delete('user.%s.all_foreninger' % request.user.id)

                messages.info(request, 'forening_create_success')
                request.session['active_forening'] = forening.id
                cache.delete('foreninger.all.sorted_by_name')
                cache.delete('foreninger.all.sorted_by_name.with_active_url')
                cache.delete('foreninger.all.sorted_by_type')
                cache.delete('forening.%s' % forening.id)
                cache.delete('forening.main_foreninger.%s' % forening.id)
                # Since GET url == POST url, we need to specifically set the tab hashtag we want, or the existing
                # one (create) will be kept
                return redirect('%s#metadata' % reverse('admin.forening.views.index', args=[current_forening.id]))
            else:
                context.update({'create_form': create_form})
                return render(request, 'common/admin/forening/index.html', context)

        else:
            return redirect('admin.forening.views.index', current_forening.id)